Age | Commit message (Collapse) | Author |
|
The subnet router anycast address is predefined. Its format is as follows:
| n bits | 128-n bits |
+------------------------------------------------+----------------+
| subnet prefix | 00000000000000 |
+------------------------------------------------+----------------+
The "subnet prefix" in an anycast address is the prefix that identifies a
specific link. This anycast address is syntactically the same as a unicast
address for an interface on the link with the interface identifier set to zero.
Packets sent to the Subnet-Router anycast address will be delivered to one
router on the subnet. All routers are required to support the Subnet-Router
anycast addresses for the subnets to which they have interfaces.
The Subnet-Router anycast address is intended to be used for applications where
a node needs to communicate with any one of the set of routers.
Our code as of now returns the subnet router anycast address as the
first_host_address().
|
|
container: T5867: disable healthchecks due to upstream issue
|
|
op-mode: T5866: Add command to restart IPv6 RA daemon
|
|
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe
https://github.com/containers/conmon/issues/438
|
|
vyos@vyos:~$ restart router-advert
|
|
|
|
|
|
T5801: Rewritten L2TP to get_config_dict
|
|
T5842: Rewritten PPTP to get_config_dict
|
|
dhcp: T3316: Support hostname, DUID and MAC address in reservation
|
|
Rewritten PPTP to get_config_dict
Fixed 'dynamic-author' commands. These commands did not create
anything in accel-ppp config.
|
|
T5859: Fixed format of pool range in the accel-ppp config
|
|
firewall: T5834: Rename 'enable-default-log' to 'default-log'
|
|
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y'
to 'x.x.x.x-y'
|
|
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to
`include/firewall/log-options.xml.i`.
|
|
This file is a left over from previous refactoring and no longer
referenced anywhere in the interface definitions.
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
|
|
|
|
Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.
|
|
ddclient: T5144: Warn against configuration with broken IP lookup service
|
|
We always enable HTTPS in ddclient configuration, however
`http://checkip.dyndns.org` is HTTP only and does not support HTTPS.
Warn the user if they are using this service.
Also, make `url` in `web-options` mandatory.
|
|
ddclient: T5144: Migrate web-options url to stricter format
|
|
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
|
|
VyOS is a routing (packet pushing) platform, thus supporting EEE which
potentially causes issues is not a good idea. Some recent Intel drivers enable
EEE by default, thus we will disable this for every NIC supporting EEE.
|
|
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
|
|
|
|
|
|
Legacy ddclient allowed arbitrary URLs in web-options, but the new
has stricter validations. Apply migration to the old URLs.
Also migrate checkip.dyndns.org to https://domains.google.com/checkip
for better TLS support.
|
|
|
|
configdict: T5837: add support to return added nodes when calling node_changed()
|
|
snmp: 5856: fix service removal error
|
|
When deleting SNMP from CLI the 'delete' key was not honored in the config
dictionary, leading to a false process startup causing the following error:
Job for snmpd.service failed because the control process exited with error code.
See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
|
|
In the past, node_changed() suggested it would also return nodes that got added
(function comment) but in reality only deleted keys got accounted for.
This commit changes the signature and adds an argument expand_nodes to specify
the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD)
or even both (expand_nodes=Diff.ADD|Diff.DELETE).
|
|
node_changed() will return a list of changed keys under "path". We are not
always interested what changed, sometimes we are only interested if something
changed at all, that what vyos.configdict.is_node_changed() is for.
|
|
T160: NAT64 add match firewall mark feature
|
|
Match mark allows to use firewall marks of packet to use
a specific pool
Example of instance config /run/jool/instance-100.json
```
...
"pool4": [
{
"protocol": "TCP",
"prefix": "192.0.2.10",
"port range": "1-65535",
"mark": 23
},
...
```
|
|
|
|
xml: T5854: clear empty paths left by embedded override of defaultValue
|
|
|
|
T5840: Add override for systemd kea-ctrl-agent.service
|
|
After update KEA to 2.4.x in the bf04cd8fea44d375fb7d93d75a1f31c220730c88
there is a file that expects ConditionFileNotEmpty=/etc/kea/kea-api-password
It cause the unit `kea-ctrl-agent.service` cannot start
systemd[1]: kea-ctrl-agent.service - Kea Control Agent was skipped because of an unmet condition check (ConditionFileNotEmpty=/etc/kea/kea-api-password)
Override systemd kea-ctrl-agent.service do not check this file
|
|
Also, have the smoketest start with a clean CLI instance.
|
|
|
|
Reinstate support for hostname in DHCP reservation. Having `hostname` in
allows for server-side assignment of hostname. This is useful for static
lookup of hostname.
Ensure that hostname is a valid FQDN (doesn't have underscore, etc.)
Additionally, support using either of DUID or MAC address for
reservation. While MAC address is typically used for IPv4, and DUID is
typically used for IPv6, either of them can be used in IPv4 and IPv6
reservations in Kea.
|
|
Updated image_installer.py to try and validate image with all
minisign public keys in /usr/share/vyos/keys/
|
|
srv6: T591: enable SR enabled packet processing on defined interfaces
|
|
T2898: add ndp-proxy service
|
|
dhcp: T5846: Ensure DUID regex range is bound
|
|
The DUID regex was missing a lower bound, which could cause it not to
match when it should.
We have to specify the lower bound explicitly as 0 to keep the regex
behavior similar to that in Python (in Python, omitting the lower bound
is equivalent to specifying 0).
|
|
frr: T4020: re-enable watchfrr in config as it is always running
|